CyberSecurity DIKW Briefing Note

  • 1. This information has been shared freely by Mark E.S. Bernard. If you find it useful please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program then please contact Mark by email: mesbernard@gmail.com

    CyberSecurity is dependent upon the effective protection of data, information, knowledge and wisdom (DIKW). Identification and assessment of associated risks is crucial to securely managing these assets appropriately. Safeguarding these assets from known vulnerabilities potentially impacting their confidentiality, integrity and/or availability is the key to success.

    The DIKW Chart below describes a development cycle from basic alphanumeric characters and meaningless gibberish commonly known as “data” into highly valued knowledge and wisdom. As informational records are constructed from data, information undergoes testing and refinement resulting in knowledge and wisdom. As data is transformed from its basic raw format into information, knowledge and wisdom its value increases exponentially.

    Depending upon the location of the knowledge, which could be the human brain, hard copy or digital audio and video, the vulnerabilities will fluctuate. If the value is high enough a threat might be motivated to exploit a vulnerability to access the asset. Understanding what DIKW asset it is that you are protecting by facilitating a risk assessment will help you design and implement a control framework that will successfully mitigate the risk. The ultimate goal is to remove the motive and opportunity from the threat. We cannot mitigate the threat’s capability on our own, but we can reduce the likelihood by removing as much as we have control over.

    Diagram A

    Data “0” value, Information $, Knowledge $$, Wisdom $$$

    Example: Threats = Human, Nature. Vulnerability = Contamination, corruption, damage, lost data, hardware defects and vulnerabilities, etc.

    Example: Threats = Human, Nature. Vulnerability = Lack of data quality, software / hardware / telecom defects and vulnerabilities, not adequately secured, no contingency planning, etc.

    Example: Threats = Human, Nature. Vulnerability = Invalidated, not tested or verified, inaccurate information, data corruption, aging human mind, time sensitivity, not adequately secured, no contingency planning, etc.

    Example: Threats = Human, Nature. Vulnerability = Untested knowledge, not independently verifiable, aging human mind, no succession planning, etc.

    Humans store knowledge and wisdom in long term and short term memory. This knowledge is used to increase their tacit knowledge and direct explicit knowledge at specific subjects and topics. Human Resources has traditionally managed the recruitment of humans with unique training and experience to improve organizational capability. The Knowledge Management profession has grown over the last decade, playing an increasing role in the management of organizational knowledge and capability. Knowledge is valuable to every organization and it needs to be protected no matter where it is stored, processed or transmitted.

    The investment in security must not exceed the value of the asset. One important footnote to consider is that DIKW are codependent during the development, testing and verification stages; however, DIKW can also exist independently. Facilitating an inventory of Assets is essential.

    DIKW Development Chart
  • 2. Below I have provided 3 examples of DIKW; in example #1 I’ve described Human Resources DIKW, in example #2 I’ve provided an example of DIKW for Payment Systems, and in example #3 I’ve provided an example of DIKW for CyberSecurity monitoring systems.

    EXAMPLE #1 of Human Resource DIKW
    Data (individual elements have no value): Name, B-date, SIN, Phone
    Chart elements: Performance History; Employee record; Succession Plan / Capability Plan / Budget
    Stages: Information $, Knowledge $$, Wisdom $$$

    EXAMPLE #2 of Payment DIKW
    Data (individual elements have no value): Name, Card#, SIN, CVV
    Chart elements: Transaction History; Customer record; Capability Plan / Budget
    Stages: Information $, Knowledge $$, Wisdom $$$

    EXAMPLE #3 of CyberSecurity DIKW
    Data (individual elements have no value): IP, Date, Protocol, Action
    Chart elements: SIEM / HID / ID; Log record; Incident Management Plan / Counter Measures
    Stages: Information $, Knowledge $$, Wisdom $$$